unable to attach acr with aks

Question

I have use following command to attach AKS with ACR

az aks create -n myAKSCluster -g myResourceGroup --attach-acr $MYACR

But the error still persist while fetching image. Then I did a little more investigation to find what all service principal ids are attached using following

az aks list

and I get [] empty array list. Any clue what I might be missing?

az role assignment list --assignee --scope

Answer 1

First of all check if your cluster is already attached to ACR.

az aks check-acr --name myAKSCluster --resource-group myResourceGroup --acr myAcr.azurecr.io

If already attached you will get a message like "Your cluster can now pull images from ACR". If you get an error code like 403 you can attach ACR to existing cluster with this command

az aks update -n myAKSCluster -g myResourceGroup --attach-acr myAcr

You can also attach ACR to AKS from different subscription.

az aks update -g myResourceGroup -n myAKSCluster --attach-acr "/subscriptions/{subcription-id}/resourceGroups/myResourceGroup/providers/Microsoft.ContainerRegistry/registries/myAcr"

Answer 2

You can first set the subscription using the following command and then can try with further ones to map ACR to AKS

 az account set --subscription

there are two ways to get this sorted

Map the ACR to AKS

CLIENT_ID=$(az aks show --resource-group $AKS_RESOURCE_GROUP --name 
$AKS_CLUSTER_NAME --subscription $SUBSCRIPTION_ID --query "servicePrincipalProfile.clientId" --output tsv)

ACR_ID=$(az acr show --name $ACR_NAME --resource-group $ACR_RESOURCE_GROUP --subscription $SUBSCRIPTION_ID --query "id" --output tsv)

az role assignment create --assignee $CLIENT_ID --role Reader --scope $ACR_ID